PT-2019-4786 · Apache+5 · Mod Auth Openidc+6

Oss-Aimoto · Published 2019-11-08 · Updated 2025-12-29 · CVE-2019-14857

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

mod_auth_openidc versions prior to 2.4.0.1
Apache HTTP Server (affected versions not specified)

Description

A flaw exists related to open redirect issues in URLs with trailing slashes. There is also an issue with insufficient protection of web pages in the mod_auth_digest component of the Apache HTTP Server, which could allow a remote attacker to gain unauthorized access to confidential information or execute arbitrary code.

Recommendations

For mod_auth_openidc versions prior to 2.4.0.1, update to version 2.4.0.1 or later. For Apache HTTP Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Weakness Enumeration

Related identifiers

ALSA-2020:3032
BDU:2020-01364
CESA-2020_3032
CESA-2020_3970
CVE-2019-14857
DLA-1996-1
DLA-2298-1
MGASA-2019-0410
OPENSUSE-SU-2019:2499-1
OPENSUSE-SU-2019_2499-1
OPENSUSE-SU-2024:10624-1
RHSA-2020:3032
RHSA-2020:3970
RHSA-2020_3032
RHSA-2020_3970
RLSA-2020:3032
SUSE-SU-2019:2934-1
SUSE-SU-2019:2935-1
SUSE-SU-2019_2934-1
SUSE-SU-2019_2935-1
SUSE-SU-2025:4532-1

Affected products

Almalinux
Apache Http Server
Centos
Red Hat
Rocky Linux
Suse
Mod Auth Openidc